Microsoft Expands Bug Bounty Program to Project Spartan

Heads up, security researchers: Microsoft is giving you some new opportunities to earn extra cash.

Redmond on Wednesday announced a major expansion of its bug bounty program, extending it to the company's forthcoming Project Spartan Web browser, as well as its Azure cloud platform, and Sway Web presentation tool.

As part of the new Project Spartan bug bounty program, security researchers can earn anywhere from $500 to $15,000 for security vulnerabilities in the new browser, including remote code execution and sandbox escapes as well as design-level bugs. Researchers can submit their bugs beginning today through June 22.

Microsoft said it may even pay out more than $15,000 for particularly complex, quality entries.

In a blog post, Microsoft's Security Response Center (MSRC) team said the new browser will "be the onramp to the Internet for millions of users when Windows 10 launches later this year. Securing this platform is a top priority for the browser team."

Spartan bounties will depend on the severity of the bug discovered, as well as the quality of the documentation you provide, and how reproducible the issue is, Microsoft said. For specifics, check out the program terms.

As a word of caution, be sure to use the latest version released in the Windows 10 Technical Preview, so you don't waste your time reporting something that was already fixed.

Meanwhile, Microsoft is also raising the maximum payout for its Online Services Bounty Program, which covers Office 365 services and now Azure, to $15,000 for critical bugs. As always, the more impactful and better documented your bug is, the more you'll earn.

"These important additions to the Bounty Programs reflect the continued shift and evolution of technology towards the cloud," the MSRC team wrote.